Presentation

Based on WALLIX Trustelem
SAML - OpenID Connect

LDAP - Radius

WALLIX Authenticator

Access Manager is compatible with SAML (recommanded), LDAP and Radius
The Bastion is compatible with LDAP and Radius

Architecture

Prerequisites

Setup

Add a directory on Trustelem

Trustelem AD Connect: synchronize identities and authenticate AD users

Add a proxy on Trustelem

Trustelem Connect: proxy LDAP/Radius for Bastion authentication

Setup the Bastion on Trustelem and Bastion sides
Setup the Access Manager on Trustelem and Access Manager sides
Define the access rules
Enroll the 2nd factors

Available factors

Trustelem Authenticator

Push notification
TOTP code

TOTP Authenticator

For example: Google Authenticator, Microsoft Authenticator...

SMS

Additional cost
Not available by default

USB key

For SAML only (Access Manager)
For example, yubico keys

Benefits

Strong authentication for both Access Manager and Bastion: security
Easy and quick to setup: time saving
Improve the management of external users: time saving
Can be extended for the authentication of other apps: with only a license change